CVE-2012-6076

2012-12-3100:00:00

ubuntu.com

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

Inkscape before 0.48.4 reads .eps files from /tmp instead of the current
directory, which might cause Inkspace to process unintended files, allow
local users to obtain sensitive information, and possibly have other
unspecified impacts.

Bugs

Notes

Author	Note
seth-arnold	“low” priority due to symlink and hardlink restrictions in Ubuntu’s Linux kernels; without those protections, “medium” would be more appropriate. Multiple patches are proposed in the bugreport; NewAndUndoOld appears to be preferred from comments #11 and #12
mdeslaur	0.48.4 has fix, albeit the older fix. inkscape in lucid doesn’t do the chdir into /tmp, so not-affected

OSVersionArchitecturePackageVersionFilename
ubuntu11.10noarchinkscape< 0.48.2-0ubuntu1.1UNKNOWN
ubuntu12.04noarchinkscape< 0.48.3.1-1ubuntu1.1UNKNOWN
ubuntu12.10noarchinkscape< 0.48.3.1-1ubuntu6.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	11.10	noarch	inkscape	< 0.48.2-0ubuntu1.1	UNKNOWN
ubuntu	12.04	noarch	inkscape	< 0.48.3.1-1ubuntu1.1	UNKNOWN
ubuntu	12.10	noarch	inkscape	< 0.48.3.1-1ubuntu6.1	UNKNOWN